package
0.0.2
Repository: https://github.com/osbuild/logging.git
Documentation: pkg.go.dev

# README

splunk

A Splunk event handler for log/slog. Features:

  • Configurable URL, token, source and hostname.
  • Batching support.
  • Non-blocking flush call support.
  • Blocking close call support with a timeout.
  • Memory pool for event byte buffers.
  • Utilizes JSON handler from the standard library.
  • Built for performance (no JSON stdlib encoding).
  • Statistics for better observability.

How to use

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"log/slog"
	"net/http"
	"net/http/httptest"
	"os"

	"github.com/osbuild/logging/pkg/splunk"
)

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		buf := new(bytes.Buffer)
		buf.ReadFrom(r.Body)
		fmt.Println(buf.String())
	}))
	defer srv.Close()

	url, ok := os.LookupEnv("SPLUNK_URL")
	if !ok {
		url = srv.URL
	}
	token, ok := os.LookupEnv("SPLUNK_TOKEN")

	h := splunk.NewSplunkHandler(context.Background(), slog.LevelDebug, url, token, "source", "hostname")

	log := slog.New(h)
	log.Debug("message", "k1", "v1")

	defer func() {
		// block until all logs are sent but not more than 2 seconds
		h.Close()

		s := h.Statistics()
		fmt.Printf("sent %d events in %d batches\n", s.EventCount, s.BatchCount)
	}()
}
```

Run the example against mock Splunk with the following command:

```sh
go run github.com/osbuild/logging/internal/example_splunk/
```

Run the example against real Splunk with the following command:

```sh
export SPLUNK_URL=https://xxx.splunkcloud.com/services/collector/event
export SPLUNK_TOKEN=x7d04bb1-7eae-4bde-9d92-89837206239x
go run github.com/osbuild/logging/internal/example_splunk/
```
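
A stricter mock endpoint than the print-only one in the usage example, added here as an illustration and not part of the osbuild/logging code: it rejects requests that lack the expected token and counts the JSON events in each batch, so a test can check both token handling and delivery. It assumes the handler sends the standard HEC `Authorization: Splunk <token>` header and one JSON object per line; `mockHEC`, `send`, the token, the 2 MiB cap and the sample batch are constructed for this example.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync/atomic"
)

// mockHEC returns a handler that checks the token and counts accepted events.
func mockHEC(token string) (http.Handler, *atomic.Int64) {
	received := new(atomic.Int64)
	want := []byte("Splunk " + token) // standard HEC scheme (assumed for this handler)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), want) != 1 {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 2<<20)) // assumed 2 MiB cap
		for n := int64(0); ; n++ {
			var ev map[string]any // each event must be a JSON object
			if err := dec.Decode(&ev); err == io.EOF {
				received.Add(n) // count only batches that parsed completely
				return
			} else if err != nil {
				http.Error(w, "invalid event", http.StatusBadRequest)
				return
			}
		}
	}), received
}

// send posts one batch to the handler in-process and returns the HTTP status.
func send(h http.Handler, token, batch string) int {
	req := httptest.NewRequest(http.MethodPost, "/services/collector/event", strings.NewReader(batch))
	req.Header.Set("Authorization", "Splunk "+token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h, received := mockHEC("test-token") // hypothetical token
	batch := "{\"event\":{\"msg\":\"a\"}}\n{\"event\":{\"msg\":\"b\"}}\n" // constructed sample
	fmt.Println(send(h, "test-token", batch), send(h, "wrong-token", batch), received.Load())
}
```

Passing the returned handler to `httptest.NewServer` in place of the print-only mock lets the usage example run against it; a non-200 reply is the case `ErrResponseNotOK` describes.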

# Functions

NewSplunkHandler creates a new SplunkHandler.

# Constants

DefaultEventSize is the initial capacity of the event buffer, default 1kB.
DefaultMaximumSize is the initial capacity of the event buffer before it is flushed, default is 1MB.
DefaultPayloadsChannelSize is the size of the channel that holds payloads, default 4k.
DefaultSendFrequency is the frequency at which payloads are sent at a maximum, default 5s.
EventKey is the key used to group the event attributes.

# Variables

ErrFullOrClosed is returned when the payloads channel is full or closed via close().
ErrInvalidEvent is returned when the event is not a valid JSON object with a trailing newline.
ErrResponseNotOK is returned when the response from Splunk is not 200 OK.

# Structs

SplunkConfig is the configuration for the Splunk handler.
SplunkHandler sends records to a Splunk instance as events.